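Affiliation: [1] College of Computer Information Engineering, Jiangxi Normal University, Nanchang 330022
Source: Journal of Computer Applications (《计算机应用》), 2013, No. 12, pp. 3494-3498 (5 pages)
Funding: Natural Science Foundation of Jiangxi Province (2011ZBAB211002)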
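Abstract: Extracting signatures of polymorphic worms is a difficult problem in signature-based intrusion detection, and quickly extracting more precise polymorphic worm signatures plays an important role in effectively preventing the rapid spread of worms. To address the low time efficiency of the Hierarchical Multi-Sequence Alignment (HMSA) algorithm when performing multiple sequence alignment, and the insufficient precision of the signatures extracted by its iterative method, a polymorphic worm signature extraction method based on an improved ant colony algorithm, antMSA, is proposed. The method first improves the search strategy of the ant colony and then introduces the improved ant colony algorithm into the Contiguous Matches Encouraging Needleman-Wunsch (CMENW) global alignment algorithm, using the fast convergence of the ant colony algorithm to quickly generate good solutions over the global range and extract the signature fragments of polymorphic worms. These fragments are then converted into standard intrusion detection system (IDS) rules for subsequent defense. Experiments show that the improved ant colony algorithm overcomes the stagnation of the basic ant colony algorithm well, enlarges the search space, effectively improves the efficiency and quality of signature extraction, and reduces the false positive rate.

English abstract: Polymorphic worm signature extraction is a critical part of signature-based intrusion detection. Extracting precise signatures quickly plays an important role in preventing the spread of worms. Since the classical Hierarchical Multi-Sequence Alignment (HMSA) algorithm has poor time performance in extracting signatures when multiple sequence alignment is used, and the extracted signatures are not precise enough, a new automatic signature extraction method called antMSA was proposed based on an improved ant colony algorithm. The search strategy of the ant colony was improved, and the improved algorithm was then introduced into the Contiguous Matches Encouraging Needleman-Wunsch (CMENW) algorithm to get a better solution quickly in the global range by using the rapid convergence ability of the ant colony algorithm. The signature fragments were extracted and converted into standard intrusion detection system rules for subsequent defense. The experimental results show that the new method solves the stagnation problem of the classical ant colony algorithm, extends the search space, extracts signatures more efficiently and precisely, and reduces the false positive rate and the false negative rate.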
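Keywords: ant colony algorithm; sequence alignment; signature extraction; intrusion detection; polymorphic worm
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]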